openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Files	Lines
2015-07-24	Expand ASN.1 template macros - the generated assembly only differs by	jsing	2	-102/+682
	changes to line numbers.
2015-07-24	an TLS -> a TLS; from thanos tsouanas	jmc	5	-14/+14

2015-07-24	Expand ASN1_ITEM_TEMPLATE/ASN1_EX_TEMPLATE_TYPE/ASN1_ITEM_TEMPLATE_END	jsing	8	-44/+212
	macros - the generated assembly only differs by changes to line numbers.
2015-07-24	Expand IMPLEMENT_ASN1_MSTRING macros - the generated assembly only differs	jsing	4	-12/+84
	by changes to line numbers.
2015-07-24	Convert tls1_process_ticket to CBS.	doug	4	-62/+76
	ok miod@ jsing@
2015-07-24	Convert tls1_process_sigalgs to CBS.	doug	2	-10/+28
	ok miod@ jsing@
2015-07-24	Convert ssl3_get_record to CBS.	doug	2	-44/+58
	ok miod@ jsing@
2015-07-23	call it bcrypt in the man page too	tedu	1	-3/+3

2015-07-23	permit "bcrypt" as an alias for "blowfish". this is, after all, what	tedu	1	-11/+27
	99% of the world calls it. allow just "bcrypt" without params to mean auto-tune ("bcrypt,a"). default remains 8 rounds (for now) ok deraadt
2015-07-22	Revert ca.c r1.7 - BN_to_ASN1_INTEGER() only allocates an ASN.1 integer	jsing	1	-6/+2
	when it is not passed a reference to one. In this case, it is passed a reference to an ASN.1 integer that is part of the X509 ASN.1 data structure. Freeing this causes bad things to happen, since it is used and then freed later on. Found the hard way by kinichiro inoguchi.
2015-07-21	Convert openssl(1) nseq to new option handling.	jsing	1	-40/+51
	ok bcook@ doug@
2015-07-21	Convert openssl(1) pkcs7 to new option handling.	jsing	1	-93/+111
	ok doug@
2015-07-21	remove superfluous strings.h	bcook	1	-2/+1

2015-07-21	Remove duplicate check in libssl.	doug	2	-6/+2
	If len == 0, it already set try_session_cache so there's no need to check len again. Fixes Coverity issue 21687. ok bcook@
2015-07-20	Correct #if/else logic in BIO's dgram_ctrl.	doug	2	-6/+6
	Coverity issue 72741 noticed that ret is being overwritten before use. The actual issue is that the #if/else logic is guarding the wrong lines. Besides impacting ret, this also made the case's break logic wrong because it was in the wrong location. ok bcook@ beck@
2015-07-20	app_tminterval moved to apps_posix.c, we don't need sys/times.h	bcook	1	-2/+1

2015-07-20	prefer string.h to strings.h ok guenther@ doug@	bcook	2	-4/+4

2015-07-20	No need to recheck for NULL in openssl(1) ecparam.	doug	1	-5/+1
	Fixes Coverity issue 78802. ok bcook@
2015-07-20	Don't try to run ECDH if ecdh_checks fails in openssl(1) speed.	doug	1	-17/+23
	Coverity 72744 noticed that rsa_count was overwitten. The underlying issue is that this code is supposed to be in an else block. ok bcook@
2015-07-20	Avoid NULL deref in openssl(1) s_cb.	doug	1	-5/+14
	Fixes Coverity issue 24956. ok bcook@
2015-07-20	Avoid possible NULL deref in openssl(1) s_server.	doug	1	-2/+5
	Fixes Coverity issue 78873. ok miod@
2015-07-20	check the sigbuf value before using it.	rpointel	1	-2/+7
	ok miod@ (thanks).
2015-07-20	Avoid dereferencing a NULL.	doug	1	-5/+7
	Move NULL check before use. Fixes Coverity issue 21746. ok miod@ jsing@
2015-07-20	Remove condition that never happens and fix error handling.	doug	1	-6/+5
	There were two issues here: 1) in == NULL is never true because it's checked above here. (Fixes Coverity 21705) 2) All error handling is in the if (in == NULL) guard, so effectively there's no error handling and it continues on. ok miod@ jsing@
2015-07-20	Various memory leaks upon error or unchecked allocations.	miod	2	-8/+26
	ok doug@
2015-07-20	Use V_ASN1_UNDEF instead of -1.	miod	2	-14/+14
	Make sure ASN1_primitive_new() will return NULL in *pval in all error situations. ok bcook@ doug@
2015-07-20	Check the return value of asn1_enc_save(). ok bcook@ doug@	miod	2	-4/+8

2015-07-20	When freeing an X509_CRL, if freeing the user-maintained meth_data fails,	miod	2	-6/+8
	do not forgot to nevertheless keep freeing the other fields. ok doug@ guenther@
2015-07-20	In X509_PKEY_new(), make sure all allocation failures push an error to the	miod	2	-14/+30
	error stack, not only the first one. ok guenther@ doug@
2015-07-20	add NetLock Kft. CA root certificate, already present in web browsers and	steven	1	-0/+80
	needed for fetching ports distfiles. ok sthen@
2015-07-20	Check return value for ENGINE_ctrl and ENGINE_ctrl_cmd.	doug	1	-4/+15
	Fixes Coverity issue 21645. ok bcook@
2015-07-20	Check return value in openssl(1) s_socket.	doug	1	-3/+6
	Fixes Coverity issue 21655. ok bcook@
2015-07-20	Remove check that is never true.	doug	1	-3/+1
	Fixes coverity issue 78799 as group == NULL was already an error condition above here. ok beck@
2015-07-20	Warn when rename() fails in openssl(1) apps.	doug	1	-8/+36
	Fixes Coverity issues 78795 and 78803. ok bcook@
2015-07-20	Add VIS_DQ to escape double quotes. OK deraadt@ semarie@ reyk@	millert	1	-1/+3

2015-07-19	Remove OpenSSL engine RSAX.	doug	14	-1409/+12
	OpenSSL stopped building it last year and removed it this year. Based on OpenSSL commit c436e05bdc7f49985a750df64122c960240b3ae1. Also cranked major version in libcrypto, libssl and libtls. "fine with me" bcook@ miod@
2015-07-19	Allow *_free() functions in libssl to handle NULL input.	doug	9	-9/+34
	This mimics free()'s behavior which makes error handling simpler. ok bcook@ miod@
2015-07-19	Drop stupid (int) casts for the arguments of malloc() and friends. This is	miod	18	-48/+48
	not 16-bit MS-DOS anymore. ok bcook@ tedu@
2015-07-19	unifdef -UCBC_HANDLES_TRUNCATED_IO	miod	2	-38/+2
	ok bcook@ doug@
2015-07-19	Verify ASN1 objects types before attempting to access them as a particular	miod	4	-4/+12
	type. ok guenther@ doug@
2015-07-19	tweak previous; ok doug	jmc	1	-4/+4

2015-07-19	Convert ssl3_get_certificate_request to CBS.	doug	2	-62/+66
	ok miod@
2015-07-19	Fix symbol collision with libtls.	doug	7	-36/+36
	Pointed out by guenther. ok guenther@
2015-07-19	Add TLS_method, TLS_client_method and TLS_server_method.	doug	9	-9/+321
	Use these instead of SSLv23_method when you want to make sure TLS is used. By default, we disable SSLv3 but it's still possible for the user to re-enable it. TLS_method does not allow SSLv3. Both BoringSSL and (next version of) OpenSSL have these methods. However, they have changed the implementation significantly. We will as well, but not right now. Riding the libssl major bump. ok miod@ bcook@
2015-07-19	Crank major and remove legacy variables.	doug	6	-30/+6
	Libtls is riding this crank. ok miod@ bcook@
2015-07-19	Crank the major of libtls: the behaviour of tls_write() has been	reyk	1	-1/+1
	changed in an incompatible way regarding partial writes. OK miod@ deraadt@
2015-07-19	Free memory when finished.	doug	1	-2/+6
	Fixes coverity 78835. ok bcook@
2015-07-19	Add documentation on how to use TLS_{READ,WRITE}_AGAIN.	doug	1	-2/+29
	ok beck@
2015-07-19	Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()	miod	4	-16/+32
	fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
2015-07-19	Only close descriptor if not already closed.	doug	1	-3/+5
	Fixes coverity 78916. ok miod@ bcook@